[throwawaygh]

Indeed.

My advice for a career in computing is "either become world expert in some durable technology with a high barrier to entry, or else find a secondary specialty" (math, finance/econ, natural sciences, an engineering discipline, pre-law are all good choices).

My advice for a career doing generic undifferentiated software development is "don't", or at least "move into management during your 30s".

[waldohatesyou]

As someone who more or less did a generic CS degree in their undergrad, how would I go about correcting for the lack of a secondary specialty? Would I have to get a masters later on? Focus on taking jobs at companies in specific domains?

[joshvm]

Most job requirements specify a suitable undergrad degree or equivalent work experience. At some point what degree you have doesn't make any difference any more. It's what experience you have, be it through research or on-the-job.

So either route is open to you. Do you have something particular in mind?

[waldohatesyou]

I see. At the moment, I'm not super sure hence why I'm hesitant to say that I'm going full throttle on anything but in terms of domains I'm interested in exploring further:

1) "Civic tech" which I hesitate to define since it's so nebulous that I imagine my definition differs from that of other folks but the way I think about it is that it either involves government modernization (a la the Canadian Digital Service), companies that provide services to the government (a quick Google search brings up https://home.promise-pay.com/ as an example), or companies that help communities/cities function better (this one is probably the most controversial criteria but when I include it I'm thinking of Sidewalk Labs). I suppose the secondary "specialty" would have to do with public policy but from perusing the careers pages, it seems that in general experience is all they're ultimately interested in (at least for the software engineer positions I would be gunning for) but I would suspect some domain knowledge is what they would prefer in addition to that. So far, I've just been exploring this domain via involvement with open-source projects within this space.

2) Cybersecurity: I'm not sure if this qualifies as a secondary domain since it's still very "computer sciencey" and is quite broad in and of itself but I suspect that it's a much wider space than civic tech which is why I find myself torn between which one is worthy of further exploration. Within this space, I would probably be either be interested in application security positions (https://www.facebook.com/careers/jobs/123558231663498/ as an example) or "secure software development" positions which I understand are positions that involve building software that operates in the context of improving the security posture of a company (ex. software that conducts static analysis of source code to find potential vulnerabilities). To determine whether I am interested in this domain, I've just been going through application security resources (currently, the Crypto 1 course from Stanford but I'll be following that up with other resources from https://github.com/paragonie/awesome-appsec). With regard to next steps after that, I've been thinking of https://www.edx.org/masters/online-master-science-cybersecur... but I'm a bit conflicted given that I've received conflicting opinions on the usefulness of a masters within the field of cybersecurity.

TL;DR: "Civic tech" and cybersecurity are the 2 I'm considering. I'm unsure which domain is worthy of my entire attention but I've been immersing myself in each to a varying degree via related activities.

[joshvm]

You can look at our equivalent, the UK Government Digital Service which hires a lot of tech people. You could probably learn the relevant stuff on the job.

Cybersec I have zero qualifications in, but it seems also like a lot of practical jobs (e.g. pen testing, white-hat stuff) are also more experience focused. Presumably it does help to have some background on the theory, which you might get asked in interviews. But presumably there's a large spectrum of work here, from very theoretical audit/provably secure-type stuff, to more practical work where you try and identify obvious holes in software.

[waldohatesyou]

With regard to the GDS:Is the GDS available to Canadian citizens? I know that we're classified as Commonwealth citizens but I saw that Commonwealth citizens only have access to non-reserved posts and I'm not sure if the GDS is reserved or not.

With regard to cybersec:Yeah, that's more or less in line with other folks have said to me. I think with this I'll just keep reading books until I get a sense of what my niche is.

Thanks for your advice!